Description
Security update for libarchive
libarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304)
An integer overflow that could also overflow buffers was fixed as well. (CVE-2013-0211)
Package list
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
References
- Link for SUSE-SU-2015:0667-1
- E-Mail link for SUSE-SU-2015:0667-1
- SUSE Security Ratings
- SUSE Bug 800024
- SUSE Bug 920870
- SUSE CVE CVE-2013-0211 page
- SUSE CVE CVE-2015-2304 page
Description
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
Affected products
References
- CVE-2013-0211
- SUSE Bug 800024
- SUSE Bug 979005
Description
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
Affected products
References
- CVE-2015-2304
- SUSE Bug 920870